If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

SecureBoot Is Now Easier For Smaller Distributions

11-30-2012, 11:10 PM

Phoronix: SecureBoot Is Now Easier For Smaller Distributions

Matthew Garrett has shared that he's finally published his shim boot-loader for dealing with UEFI SecureBoot that makes it easier for the smaller Linux distributions to deal with this "secure" technology. Using this shim boot-loader is already signed with a Microsoft key so the smaller Linux distributions and other independent parties don't have to worry about obtaining a key from Microsoft...

Comment

This is so ugly i cannot believe it is even legal to sell locked hardware like this.

The very minimum requirement should be that this key adding procedure would be doable from the UEFI specs and the computers came at most preinstalled with a microsoft key. But having to ship a binary blob just to boot your distro compromises your system even before linux has started loading The fact you can beg for a key from only microsoft to circumvent this restriction is the definition of a monopoly.

This is something EU should take notice of and force all hardware to be open, but those bureocrats only look after business interests, not peoples interests

Comment

UEFI can run in the background and can run background services behind the OS while the OS is also running.
UEFI have much more control over the system and has a built-in TCP stack.

BIOS is much more simple and can not run stuff in the background.

UEFI is much more dangerous and likely to be vulnerable, exploitable and backdoored.

This is actually very true. The original idea of Coreboot was to load the OS faster, by skipping unnecessary configuration/tests and jumping straight to OS while giving it more direct control over hardware.

The UEFI on the other side is as perverted as it gets - its just a overcomplex loader system, with DRM integrated where BIOS was. The only good outcome of it are nicer menus.... :///

I wonder why people always suck down what is thrown to them.. When will they claim PC as really "Personal Computer"??!